chiark / gitweb /
~mdw / ca / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | compact (merge: c4e3d3a 16a2848)
Merge branch 'master' of git://git.distorted.org.uk/~mdw/ca
authorMark Wooding <mdw@distorted.org.uk>
Sat, 1 Dec 2012 20:01:27 +0000 (20:01 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 1 Dec 2012 20:01:27 +0000 (20:01 +0000)
* 'master' of git://git.distorted.org.uk/~mdw/ca:
  lib/func.tcl: Hack output of `openssl dgst -hex'.
  etc/openssl.conf: Allow `keyEncipherment' for TLS clients.

1  2 
etc/openssl.conf patch | diff1 | diff2 | blob | history

diff --combined etc/openssl.conf
index 1accc801fe2082cd98aa1883b8b33953ceb34732,847b1f5295376605fbbafe4d495e5a851f4061de..1fe673a7fa5e126169c5a80d5b415d3794dc274b
--- 1/etc/openssl.conf
--- 2/etc/openssl.conf
+++ b/etc/openssl.conf
@@@ -5,7 -5,7 +5,7 @@@
  ###--------------------------------------------------------------------------
  ### Defaults.
  
 -RANDFILE = /dev/urandom
 +RANDFILE = /dev/random
  db_suffix =
  
  ###--------------------------------------------------------------------------
@@@ -103,7 -103,7 +103,7 @@@ crlDistributionPoints = URI:http://www.
  
  [tls-client-extensions]
  basicConstraints = critical, CA:FALSE
- keyUsage = critical, digitalSignature
+ keyUsage = critical, digitalSignature, keyEncipherment
  extendedKeyUsage = clientAuth
  subjectKeyIdentifier = hash
  authorityKeyIdentifier = keyid:always,issuer:always
A simple X.509 certificate authority.